Search all jobs
Browse jobs › GRC Engineer

GRC Engineer

Charliehealth · Remote, United States · Posted Jul 6, 2026

Apply on company site   Track it in JobSkout

Why Charlie Health?

Millions of people across the country are navigating mental health conditions, substance use disorders, and eating disorders, but too often, they’re met with barriers to care. From limited local options and long wait times to treatment that lacks personalization, behavioral healthcare can leave people feeling unseen and unsupported.

Charlie Health exists to change that. Our mission is to connect the world to life-saving behavioral health treatment. We deliver personalized, virtual care rooted in connection—between clients and clinicians, care teams, loved ones, and the communities that support them. By focusing on people with complex needs, we’re expanding access to meaningful care and driving better outcomes from the comfort of home.

As a rapidly growing organization, we're reaching more communities every day and building a team that’s redefining what behavioral health treatment can look like. If you're ready to use your skills to drive lasting change and help more people access the care they deserve, we’d love to meet you.

About the Role

The GRC Engineer is responsible for transforming Charlie Health’s compliance, risk and control programs into automated, measurable and continuously monitored systems. This is a hands-on engineering role focused on building the technical foundations that support HIPAA, SOC 2, NIST and other compliance requirements.

This role will partner closely with Information Security, IT Engineering, Compliance, Legal, Engineering and business teams to translate regulatory, contractual and risk requirements into automated controls, evidence pipelines, dashboards, workflows and continuous control monitoring.

Our Information Security and IT organizations treat compliance as an engineering discipline. We value ownership, automation, measurable outcomes, reliability, auditability and continuous improvement. The GRC Engineer will help move Charlie Health from manual, point-in-time compliance activities toward scalable, system-driven assurance.

Charlie Health operates in a highly regulated healthcare environment. This role will help ensure that controls protecting patient, clinician, employee and company data are well-designed, consistently operated and supported by reliable evidence.

Responsibilities

Compliance Engineering Control Automation

Design, build and operate automated controls that support HIPAA, SOC 2, NIST, ISO 27001 and other applicable frameworks

Translate compliance requirements into technical control logic, workflows, integrations, dashboards and evidence pipelines

Build scalable systems that reduce manual compliance work and improve confidence in control effectiveness

Partner with Security, IT, Compliance and Engineering teams to embed control requirements into systems and operating processes

Continuous Control Monitoring

Build and maintain continuous control monitoring capabilities across identity, endpoints, cloud, SaaS platforms, security tools and business systems

Define control health metrics, thresholds, alerts and reporting mechanisms

Identify control gaps, exceptions and drift, then partner with control owners to drive remediation

Improve visibility into the design, operation and effectiveness of key controls

Evidence Automation Audit Readiness

Automate audit evidence collection across systems such as Okta, Google Workspace, Jamf, Intune, SentinelOne, Wiz, AWS, Jira, Confluence, Slack and GRC platforms

Build repeatable evidence workflows that support HIPAA, SOC 2, customer due diligence, vendor assessments and internal risk reviews

Improve the quality, consistency and traceability of audit evidence

Partner with Compliance, Legal and external auditors to reduce audit burden and improve readiness

GRC Systems, Integrations Reporting

Configure and improve GRC platforms, compliance tools, ticketing systems, documentation repositories and reporting workflows

Build integrations between GRC systems and source systems of record using APIs, webhooks, scripts and workflow automation tools

Develop dashboards and reports that show control health, remediation status, audit readiness and risk trends

Maintain documentation for control logic, data sources, automations and operational procedures

Risk, Remediation Exception Management

Support risk and control assessments by providing technical analysis, control evidence and remediation tracking

Build workflows for risk acceptance, exception management, corrective action plans and control remediation

Partner with control owners to ensure findings are tracked, prioritized and resolved

Help define metrics that measure risk reduction, compliance maturity and control reliability

AI Governance Emerging Compliance Automation

Help evaluate how AI tools, LLM platforms and AI-enabled workflows affect compliance, privacy and security requirements

Support governance controls for enterprise AI adoption, including access, logging, data protection, review workflows and evidence collection

Ide…

Apply on company site